# Copyright 2021 Cortex Labs, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: operator
  namespace: default

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: operator
  namespace: default
subjects:
  - kind: ServiceAccount
    name: operator
    namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: operator
  namespace: default
  labels:
    workloadID: operator
spec:
  replicas: 1
  selector:
    matchLabels:
      workloadID: operator
  template:
    metadata:
      labels:
        workloadID: operator
    spec:
      serviceAccountName: operator
      containers:
        - name: operator
          image: {{ config['image_operator'] }}
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 200m
              memory: 128Mi
            limits:
              cpu: 2000m
              memory: 1024Mi
          ports:
            - containerPort: 8888
          envFrom:
            - configMapRef:
                name: env-vars
          volumeMounts:
            - name: cluster-config
              mountPath: /configs/cluster
            - name: docker-client
              mountPath: /var/run/docker.sock
      volumes:
        - name: cluster-config
          configMap:
            name: cluster-config
        - name: docker-client
          hostPath:
            path: /var/run/docker.sock
            type: Socket

---
apiVersion: v1
kind: Service
metadata:
  namespace: default
  name: operator
  labels:
    cortex.dev/name: operator
spec:
  selector:
    workloadID: operator
  ports:
    - port: 8888
      name: http

---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: operator-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway-operator
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - "*"
      tls:
        mode: SIMPLE
        serverCertificate: /etc/istio/customgateway-certs/tls.crt
        privateKey: /etc/istio/customgateway-certs/tls.key

---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: operator
  namespace: default
spec:
  hosts:
    - "*"
  gateways:
    - operator-gateway
  http:
    - route:
        - destination:
            host: operator
            port:
              number: 8888
